> > That's correct, and should be investigated, but if there are any other > rules that allow this link, then > > VMSECURE QRULES JHUG LINK MAINT 123 > > should not tell you that the LINK would be rejected via NORULE DEFAULT. > > I agree, but if it says that the link would be rejected, then it should be rejected. Something is very wrong somewhere.
I see one possible scenario: 1. 'CPACTION * ACCEPT' record in VMXRPI CONFIG (used to generate HCPRPx modules) telling CP to allow everything if the rules facility is not running and 2. Rules facility is not running. If rules are not running, would QRULES command tell you that? Or would it just check the rules database? I would: 1. Run VMSECURE QCPCFG from authorised user (VMRMAINT should be) to verify all CPACTION settings in the currently running CP. 2. Check that VMSECURE userid's directory entry has IUCV *RPI MSGLIMIT 65535 3. Check the VMSECURE console messages and make sure that rules facility initialises correctly. 4. Run VMSECURE RULEMAP USER <userid> to display all rules that apply to that userid. Run other RULEMAP commands 5. Check all system, group, and user rule files to know what should be happening. 6. Call CA support. Ivica